The fine is, of course, tiny in the context of Facebook's global revenue of more than $40 billion last year. Denham said the penalty would have been much higher had Europe's GDPR rules been in force. GDPR allows data watchdogs to fine companies up to 4% of their global turnover, which in Facebook's case would be $1.6 billion.

"We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR," she said.

"One of our main motivations for taking enforcement action is to drive meaningful change in how organisations handle people's personal data."

Facebook can appeal the fine. A spokesman said:

"We are currently reviewing the ICO's decision. While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015.

"We are grateful that the ICO has acknowledged our full cooperation throughout their investigation, and have also confirmed they have found no evidence to suggest UK Facebook users' data was in fact shared with Cambridge Analytica.

"Now that their investigation is complete, we are hopeful that the ICO will now let us have access to CA servers so that we are able to audit the data they received."